PT-2023-4409 · Unknown+1 · Open Babel+1
Claudio Bozzato
·
Published
2023-07-21
·
Updated
2023-07-27
·
CVE-2022-46280
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Open Babel versions 3.1.1 and prior to the version that includes the fix for this issue
Description
A use of uninitialized pointer issue exists in the PQS format pFormat functionality. This can be exploited by providing a specially crafted malformed file, potentially leading to arbitrary code execution. An attacker can trigger this issue by providing a malicious file.
Recommendations
For Open Babel version 3.1.1, update to a version that includes the fix for this issue.
For versions prior to the fixed version, consider restricting the use of the PQS format pFormat functionality until a patch is available.
Exploit
Fix
Access of Uninitialized Pointer
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Open Babel